In general, performance should not be an issue. Corner cases where it could be problematic are:
1) The device doing the forwarding is grossly underpowered or has buggy firmware (cheap consumer routers can be hit-or-miss).
2) The forwarded connection is very high bandwidth and/or extremely sensitive to latency (probably only an issue for real-time applications on an internal network... for pretty much any Internet app, the bandwidth and latency of the broadband connection will be the limiting factor).
Security is a trickier question. You're basically exposing whatever service is running on that port to the outside world, so the size of the security hole you're creating really depends on how secure that service is. For something like OpenSSH, I'd say the size of the hole is negligible if you're using strong passwords or key-based authentication. OTOH if you're doing something silly like exposing unprotected Windows folder shares to the Internet, you're hanging the digital equivalent of a "kick me" sign on your back.
The years just pass like trains. I wave, but they don't slow down.
-- Steven Wilson